The goal of this project is to measure and study how uniquely identifiable web browsers are. All of the data for the project will be collected in an anonymized form which ensures that it is not Personally Identifiable Information, nor otherwise likely to lead to the identification or tracking of any web users.
In this policy, "EFF" and "we" refer to EFF staff, board members, cooperating attorneys, interns, volunteers, and consultants, all of whom are bound by law or contract to keep information they receive as part of their assistance to EFF confidential.
Information Gathered by EFF's Panopticlick Website
In general, Panopticlick collects anonymous data about the configuration of computers, operating systems, browser plugins, adblockers and other privacy software. If you click the “test me” buttons, this type of information will be collected from your browser. Although these kinds of data may form a "fingerprint" that could in principle be combined with information about page requests and identifying details in order to track people's browsing habits, EFF will never do so.
The specific "fingerprint" information we collect includes:
- The user agent string from each browser
- The HTTP ACCEPT headers sent by the browser
- Screen resolution and color depth
- The Timezone your system is set to
- The browser extensions/plugins, like Quicktime, Flash, Java or Acrobat, that are installed in the browser, and the versions of those plugins
- The fonts installed on the computer, as reported by Flash or Java.
- Yes/no information saying whether the browser accepts various kinds of cookies and "super cookies"
- A hash of the image generated by canvas fingerprinting
- A hash of the image generated by WebGL fingerprinting
- Yes/no whether your browser is sending the Do Not Track header
- Your system platform (e.g. Win32, Linux x86)
- Your system language (e.g. en-US)
- Your browser's touchscreen support
- Other fingerprinting information that indicates which privacy tools you have installed, which may include:
  - Whether your browser makes connections to various third party URLs, which have characteristics that would typically indicate that they serve advertising, analytics, or other forms of tracking code;
  - The presence or absence of DOM elements that indicate the operation or absence of an ad- or tracker-blocker; or
  - Whether we believe that your IP address is a Tor exit relay or VPN.
In addition, we collect several kinds of "housekeeping" information to assist us in analyzing the fingerprint data. The housekeeping information is:
- Encrypted IP addresses
Our practices and purposes for collecting these housekeeping records are discussed below:
Panopticlick sets a cookie that persists for 3 months for the sole purpose of determining how often browser characteristics change, and how often they stay the same, when a browser returns over time. If your browser is configured to accept cookies, and you return to Panopticlick several times, the cookie will be used to link the data from your visits together.
Panopticlick does not log IP addresses, but we do compute cryptographic "keyed hashes" or HMACs of each IP address, using a key which we periodically discard. This hashed IP will allow us to collect an anonymous dataset about how often browsers that change IP address could have been followed using a fingerprint.
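The keyed-hash scheme described above, sketched as an added example; this is not EFF's code. The class and function names, the choice of HMAC-SHA256, and the sample visits are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict


class IpTagger:
    """Stores only a keyed hash of each IP address, never the address (hypothetical helper)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def tag(self, ip: str) -> str:
        # Canonicalise first so two spellings of one address give one tag.
        packed = ipaddress.ip_address(ip).packed
        return hmac.new(self._key, packed, hashlib.sha256).hexdigest()

    def discard_key(self) -> None:
        # Once the key is gone, old tags cannot be recomputed from a candidate IP.
        self._key = secrets.token_bytes(32)


def followed_across_ips(records):
    """Return the fingerprints that appear under more than one IP tag."""
    tags_by_fp = defaultdict(set)
    for ip_tag, fingerprint in records:
        tags_by_fp[fingerprint].add(ip_tag)
    return {fp for fp, tags in tags_by_fp.items() if len(tags) > 1}


# Constructed sample visits: documentation address ranges, made-up fingerprint labels.
VISITS = [
    ("203.0.113.7", "fp-A"),
    ("198.51.100.22", "fp-A"),  # same browser, new IP
    ("203.0.113.9", "fp-B"),
    ("203.0.113.9", "fp-B"),    # same browser, same IP
    ("2001:DB8::1", "fp-C"),
    ("2001:db8:0::1", "fp-C"),  # same IPv6 address, different spelling
]


def run_demo():
    tagger = IpTagger()
    stored = [(tagger.tag(ip), fp) for ip, fp in VISITS]  # the only form that is kept
    followed = followed_across_ips(stored)
    old_tag = tagger.tag("203.0.113.7")
    tagger.discard_key()
    new_tag = tagger.tag("203.0.113.7")
    return followed, old_tag, new_tag


if __name__ == "__main__":
    followed, old_tag, new_tag = run_demo()
    print("fingerprints followed across IP changes:", sorted(followed))
    print("tag survives key discard:", hmac.compare_digest(old_tag, new_tag))
```

Within one key period the tags are stable, so an IP change under a constant fingerprint is visible in the dataset; after the key is discarded, the same address produces an unrelated tag.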
For visitors to our website, we generally log requests to our website for up to seven days from when the data was collected after stripping the visitor's IP address from the request. Circumstances in which EFF may need to log and retain IP addresses and other technical information include when we believe it is reasonably necessary for EFF’s mission and functionality, including situations such as:
- site testing,
- diagnosis of technical problems,
- defending against attacks to the site,
- handling a spike in traffic or other abnormal, short-term circumstances.
Panopticlick collects a timestamp each time it is visited. This will be used to measure how fast browser fingerprints change, but for no other purpose.
EFF's Use of Information from Panopticlick
In general, EFF uses the information provided by you to further its mission, protect privacy, defend freedom, and protect your rights in the digital world.
We may look at technical information to diagnose problems with our server and to administer the Panopticlick website.
Panopticlick has no Third-Party Service Providers. However, if you leave the “test with a real tracking company” option enabled, Panopticlick will use a real resource from a third-party tracker for some tests in order to determine whether your ad blocker or privacy tool allows whitelisted resources, such as those under the so-called “Acceptable Ads” program, to unblock those trackers. Your browser sends very limited information during these tests, such as a request for a “favicon”, with referrers disabled where possible. We believe that in most cases, trackers will learn nothing useful from this request, though some unblocked trackers might be able to guess you were visiting Panopticlick as a result of it.
EFF uses simulators of third party tracking systems in order to determine whether the visitor's browser is protected against similar trackers. Please note that our simulators may not encompass all the possible ways that a third party tracking system may operate.
Sharing of Panopticlick data
From time to time, EFF may also share datasets derived from our technology projects with research partners working on topics related to Internet security, censorship resistance, privacy or other public policy objectives. We may also publish datasets in an effort to further these objectives. The datasets we may share or publish will not intentionally contain personally identifiable information.
Before sharing, we will evaluate whether further sanitization or aggregation of data is necessary to reduce the likelihood that inferences about identifiable individuals' activities might be made from the published dataset. Because anonymization is an algorithmically complex problem, we cannot promise that it will be flawless or attack-proof. When we believe that a dataset may contain information that is especially sensitive or vulnerable to de-anonymization, we will not publish it, and if we share such data with research partners, we will place them under a contractual obligation to keep the dataset confidential and avoid de-anonymization.
Changes to Our Policies
EFF employs industry standard security measures to protect against the loss, misuse, and alteration of the information under our control.
Although we make good faith efforts to store information collected by EFF in a secure operating environment, we cannot guarantee complete security. Information collected by EFF will be maintained for a length of time appropriate to our needs.
Updated December 17, 2015 to reflect the changes in version 2.0 of our tracking and fingerprinting detection tool.
Updated November 28, 2017 to reflect the addition in version 3.0 of the so-called "acceptable ads" test.